
Politech is the oldest Internet resource devoted to politics and technology. Launched in 1994 by Declan McCullagh, the mailing list has chronicled the growing intersection of culture, technology, politics, and law. Since 2000, so has the Politech web site.

MailFrontier.net, poor anti-spamware, and future of mailing lists



When you request to subscribe to Politech 
(http://www.politechbot.com/info/subscribe.html), you get a message back 
from my server's majordomo application saying "please respond to verify 
that you really do want to join the list."

A few moments ago, a poor implementation of a challenge-response (C-R) 
system -- in this case, the one sold by MailFrontier.net -- requested that 
majordomo-owner click on a link in that reply email. MailFrontier.net's 
email to majordomo-owner should *never* have been generated because the new 
Politech subscriber (I know this for a fact) requested to be added to the 
mailing list by contacting majordomo in the first place.

It is true that verifying one user manually is not a problem. I did it. But 
Politech receives hundreds of new signups per month, and if dumb C-R 
systems become widely adopted, verifying hundreds of users per month will 
present a significant burden. It removes the benefits of having automated 
authentication via majordomo -- I might as well go back to the way I did it 
circa 1995, which was editing a text file by hand!

Actually, it's even worse than that. The initial confirmation messages come 
from my server's majordomo address, which I'll need to manually verify when 
interacting with a flawed C-R system. But most messages to Politech come from 
declan@well.com, which I may need to manually verify as well, doubling the 
amount of work required. And if I ever send mail to Politech from another 
email address, as I have as recently as the last few weeks, that means 
another round of confirmations. (FYI you should whitelist by Sender: 
owner-politech)

My reluctant conclusion is that C-R systems with flawed implementations 
have the potential to end legitimate mailing lists as we know them today.

For a C-R system to work properly, it will need to be tightly integrated 
with the mail client (so it knows who you contacted) and probably 
understand a little about popular mailing list software like majordomo, 
mailman, and Listserv. It's easier for C-R companies providing web-based 
email. For everyone else using software like Eudora and Outlook, that 
probably means plugins, an email proxy service, or a new email standard 
that Microsoft, Qualcomm, and others, like the folks maintaining mutt and 
pine, would have to embrace.

I don't see that happening anytime soon.

-Declan

PS: Dave Farber, who runs the IP list, sent out this warning a few days ago:
>If I start getting a flood of challenges from earthlink ipers that require
>my response I will most likely declare them SPAM and you will stop receiving
>IP mail.
>
>I fully expect this to be the case for almost all the legitimate mailing
>lists you are on and count on.
>
>See if their system allows you to pre-approve lists you are on else ....

---

From: [deleted to protect the guilty].net
Subject: Re: Confirmation for subscribe politech
To: Majordomo-Owner [at] politechbot.com
Date: Sun, 11 May 2003 10:16:39 -0400 (EDT)

[-- Attachment #1 --]
[-- Type: multipart/alternative, Encoding: 7bit, Size: 4.0K --]

Thank you for sending me your email with the subject "Confirmation for
subscribe politech". I really want to receive your email.

In an effort to eliminate junk email, I am using MailFrontier Matador.
Matador has placed your message on hold.

Please click the link below so you will be added to my Allowed people list,
I will receive your email, and we will be able to communicate freely going
forward.

<http://c.mailfrontier.net/c/7d0b2b90ae/[deleted]>

If you can not click on the link above, copy and paste the URL above directly
into your browser.

A note from [deleted]:
Sorry guys, I had to do this, just TOO much spam.

---------------------------------------------------
This mailbox protected from junk email by Matador
from MailFrontier, Inc. http://www.mailfrontier.com

[-- Attachment #2 --]
[-- Type: image/gif, Encoding: base64, Size: 1.4K --]

[-- image/gif is unsupported (use 'v' to view this part) --]

[-- Attachment #3 --]
[-- Type: image/gif, Encoding: base64, Size: 2.8K --]

[-- image/gif is unsupported (use 'v' to view this part) --]




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
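
The post above says a C-R system should know who the user contacted, honor a Sender: allowlist, and understand mailing list software. The sketch below is an added example, not code from Politech, majordomo, or MailFrontier. The function name, the lists.example addresses, and the sample messages are constructed for illustration; Precedence, List-Id, and Auto-Submitted are standard mail headers.

```python
from email import message_from_string
from email.utils import parseaddr

BULK_PRECEDENCE = {"bulk", "list", "junk"}

def _addr(msg, header):
    """Return the bare, lower-cased address found in a header, or ''."""
    return parseaddr(msg.get(header, ""))[1].lower()

def cr_decision(raw, contacted, sender_allowlist):
    """Return 'deliver', 'hold' or 'challenge' for one inbound message."""
    msg = message_from_string(raw)
    # The user wrote to this address first (for example a subscribe
    # request), so the reply is solicited and must not be challenged.
    if _addr(msg, "From") in contacted:
        return "deliver"
    # Per-list allowlist keyed on the Sender: header.
    if _addr(msg, "Sender") in sender_allowlist:
        return "deliver"
    # List or automated mail: a challenge would land on a list owner or a
    # robot, so hold the message for review without sending one.
    precedence = msg.get("Precedence", "").strip().lower()
    auto = msg.get("Auto-Submitted", "no").strip().lower()
    if msg.get("List-Id") or precedence in BULK_PRECEDENCE or auto != "no":
        return "hold"
    return "challenge"

# Constructed sample messages; lists.example is a placeholder domain.
CONFIRM = ("From: Majordomo@lists.example\n"
           "Subject: Confirmation for subscribe politech\n\nPlease respond.\n")
LIST_POST = ("From: declan@well.com\nSender: owner-politech@lists.example\n"
             "Precedence: bulk\nSubject: list post\n\nBody\n")
OTHER_LIST = ("From: someone@other.example\nSender: owner-x@other.example\n"
              "Precedence: bulk\nSubject: other list\n\nBody\n")
STRANGER = "From: unknown@bulk.example\nSubject: hello\n\nBody\n"

CONTACTED = {"majordomo@lists.example"}    # filled from the user's sent mail
ALLOW = {"owner-politech@lists.example"}   # the user's Sender: allowlist

if __name__ == "__main__":
    for name, raw in [("confirm", CONFIRM), ("list post", LIST_POST),
                      ("other list", OTHER_LIST), ("stranger", STRANGER)]:
        print(name, "->", cr_decision(raw, CONTACTED, ALLOW))
```

Sender:, Precedence and List-Id are written by the sending side and can be forged, so the allowlist branch trades some spam resistance for not challenging list servers, and the 'hold' branch suppresses the challenge without putting the message in the inbox.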



